Date: Mon, 06 Apr 2015 13:24:55 -0400 From: Eric van Gyzen <eric@vangyzen.net> To: Devin Teske <dteske@FreeBSD.org>, freebsd-current@freebsd.org Cc: cperciva@freebsd.org Subject: Re: [RFC] Add "GELI Passphrase:" prompt to boot loader Message-ID: <5522C167.6090408@vangyzen.net> In-Reply-To: <0D7CA1BF-3052-41FD-A3E7-5BBAA51B214A@FreeBSD.org> References: <0D7CA1BF-3052-41FD-A3E7-5BBAA51B214A@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 04/06/2015 12:58, Devin Teske wrote: > Hi -current, > > I have a pending enhancement to the boot loader that Colin P. and I > have been working on together. > > URL: https://reviews.freebsd.org/D2105 <https://reviews.freebsd.org/D2105>; > > The nature of the patch is to cause the boot loader to prompt for the > GELI passphrase and then pass that on (through a kenv(1) variable) > to Colin’s code in geom_eli.ko where it will be: > > (a) picked up for-use as the initial passphrase attempt(s) > (b) zeroed after being picked-up so “kenv kern.geom.eli.passphrase” > returns nothing > > NB: Actually, “kenv kern.geom.eli.passphrase” generates the error > “kenv: unable to get kern.geom.eli.passphrase” > > The problem that I (we) need help in solving is: > > If the geom_eli.ko module doesn’t get loaded, then the variable > (kern.geom.eli.passphrase) is not zeroed. > > While I do think that this is of minimal concern (not loading the GELI > module means you won’t be able to get past the mountroot prompt in > the case where GELI is required to boot), I discussed with Colin and > I think we are in consensus that the resetting of the variable should > perhaps be moved to another section of the kernel to prevent leakage > of this sensitive information being passed through kenv(1) variable(s). > > Issue for me is, I’m not sure where the best place to move this to. > Here’s the code that needs to be moved (Lines 108-109 of g_eli.c): > > https://svnweb.freebsd.org/base?view=revision&revision=273489 <https://svnweb.freebsd.org/base?view=revision&revision=273489>; > > > 108 <https://svnweb.freebsd.org/base/head/sys/geom/eli/g_eli.c?annotate=273489&pathrev=273489#l108>; /* Wipe the passphrase from the environment. */ > 109 <https://svnweb.freebsd.org/base/head/sys/geom/eli/g_eli.c?annotate=273489&pathrev=273489#l109>; kern_unsetenv("kern.geom.eli.passphrase"); > > Need to move that preferably to some place in the kernel that is NOT > optional in the compilation process. Suggestions? How about putting it right after a successful mount of the root file system? (I've never used GELI, so this could be as "right out" as five.) Eric
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5522C167.6090408>